
Paopawdecarabao

Posted 04 February 2015 - 03:03 AM


Paopawdecarabao

Posted 04 February 2015 - 03:15 AM

Paopawdecarabao

Member

Topic Starter

Member

28 posts

That could be the installer.
In Malwarebytes Anti-Malware click on History > Select Quarantine > Select the Trojan.Ransom.ED and click on Restore > Confirm Yes
Then find the file, zip it up and mail it to me.
Did you find any .txt or .html files in your Libraries?


Metallica

Posted 04 February 2015 - 04:56 AM

Metallica

Spyware Veteran

GeekU Moderator

32,024 posts

OK I found one that has the same detection names in Malwarebytes Trojan.Ransom.ED and Avast Win32:Malware-gen
Also the filename is only slightly different: https://www.virustot...9f1a8/analysis/
Unfortunately both detections are pretty generic, but the infection date fits as well, so I am going out on a limb and say you should be on the lookout if there will be a decryption routine made available for that one.

There is no decryption program for the trojan.ransom.ed yet?

My system restore was off. I don't have any restore points.

So I would just have to wait to have something for it to decrypt and not do anything on the hard drive?

Metallica

Posted 04 February 2015 - 01:35 PM

As far as I can tell the Ransomware itself has been removed.
You can test this by downloading some new pictures into "My Pictures".
They should stay un-changed.

It would take a supercomputer about 1000 years to find the right key to decrypt your files.
There are a few things I am willing to try, but I need at least two copies of the same file. One encrypted and one untouched.
What usually happens is that someone stumbles upon the server where the ransomware authors have stored their keys and they issue a tool to decrypt the files. No such tool is around for this version yet. I have tried a few of the old ones on the files you sent me, without any luck.
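The "new pictures should stay unchanged" test from the post above can be made exact by hashing the test files when they are saved and comparing later. This is an added example, not part of the original thread; the function names and the sample files are hypothetical.

```python
import hashlib
from pathlib import Path

# Leading signature bytes of common picture formats; an encrypted file loses them.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}

def snapshot(folder):
    """Map each file path (relative to folder) to its SHA-256 digest."""
    root = Path(folder)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def header_ok(path):
    """True if a known picture type still starts with its format signature."""
    magic = MAGIC.get(Path(path).suffix.lower())
    if magic is None:
        return True  # unknown type: nothing to check
    with open(path, "rb") as fh:
        return fh.read(len(magic)) == magic

def compare(folder, baseline):
    """Compare the folder with an earlier snapshot and classify each difference."""
    root, current = Path(folder), snapshot(folder)
    report = {"changed": [], "missing": [], "new": [], "bad_header": []}
    for name, digest in baseline.items():
        if name not in current:
            report["missing"].append(name)   # deleted or renamed
        elif current[name] != digest:
            report["changed"].append(name)   # content rewritten in place
    report["new"] = sorted(set(current) - set(baseline))  # renamed copies, dropped notes
    report["bad_header"] = [n for n in current if not header_ok(root / n)]
    return report

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample: two tiny stand-in "pictures" with valid signatures.
        (Path(d) / "a.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"A" * 32)
        (Path(d) / "b.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"B" * 32)
        base = snapshot(d)
        print(compare(d, base))  # every list stays empty while nothing touches the files
```

Take the snapshot right after saving the test pictures, keep it somewhere outside the watched folder, and run the comparison after a reboot or a day of normal use.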

Paopawdecarabao

Posted 04 February 2015 - 02:19 PM
